"Missed Voicemail" Phishing Scam
Google Account Hijacking Scheme
tl;dr
Watch out for scam emails claiming that you have a missed voicemail and should click a button to listen to the message. Clicking opens a phishing website designed to steal your Google Account login credentials. If you fall for the ruse, criminals can hijack your Google account, access your files, and conduct further scam campaigns in your name.
Scam emails falsely claiming that you have a missed voicemail are currently hitting inboxes. The emails, which rather vaguely claim to be from the “communications support team”, include details about the origin, date and duration of the supposed missed call.
Here’s what the scam email looks like:
Button Opens a Scam Website
A button in the email invites you to click to listen to your missed voicemail.
Clicking the button opens a scam website. First up, the fake site makes it appear that Google is logging you out of your account. You are not actually being logged out. It is just an animation that runs in your browser.
After a few seconds, a fake Google sign-in form will appear.
The form closely resembles a genuine Google sign-in, but has no connection to Google. As you can see by the URL, the fake page is hosted on a Russian website.
Scammers Can Hijack Your Google Account
If you do “sign in” on the fake site, criminals can nab your login info and hijack your real Google Account. Once they have gained access, they can use your Gmail account to launch further scam and spam campaigns in your name.
They can also access personal information that you have stored in your account and possibly use it to steal your identity.
They may lock you out of your account by changing your password. It can often be difficult to recover a hijacked account.
A Common Scam Tactic
Fake “missed voice mail” notifications are a common scam tactic that criminals have used for many years. The tactic has also been used to distribute malware.